| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. This product adopts a rolling release strategy to maintain continuous delivery Patch name: c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea. To fix this issue, it is recommended to deploy a patch. |
| Information disclosure while processing a firmware event. |
| Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element. |
| Transient DOS while parsing video packets received from the video firmware. |
| Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32. |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. |
| pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer. |
| Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally. |
| Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. |
| A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This is due to the implementation of an insecure version of WinRing0 (1.2.0.5, renamed to IntelliBreeze.Maintenance.Service.sys) that lacks a properly secured DACL, allowing unprivileged users to interact with the driver and, as a result, the kernel. This can result in local privilege escalation, information disclosure, denial of service, and other unspecified impacts. |
| Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses |
| libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler. |
| Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. |
